Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/28dea6-2062-4b99-9921-4e2b8e3c65c5/1/5XREpJm-zu3io-ffqDwaJC5VCBM.roa
File:                     5XREpJm-zu3io-ffqDwaJC5VCBM.roa (raw, json)
Hash identifier:          xFPZsb8QomkqabpLOM8DGCo0rU5fqcGMtIrFlE8OizU=
Subject key identifier:   E5:74:44:A4:99:BE:CE:ED:E2:A3:E7:DF:A8:3C:1A:24:2E:55:08:13
Certificate issuer:       /CN=b1de96d535d5954a16f67d89201ff8062a151ab5
Certificate serial:       018CC6B85DBC262E9D30C4FBDEC454D1066E
Authority key identifier: B1:DE:96:D5:35:D5:95:4A:16:F6:7D:89:20:1F:F8:06:2A:15:1A:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sd6W1TXVlUoW9n2JIB_4BioVGrU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/28dea6-2062-4b99-9921-4e2b8e3c65c5/1/5XREpJm-zu3io-ffqDwaJC5VCBM.roa
Signing time:             Mon 01 Jan 2024 20:30:20 +0000
ROA not before:           Mon 01 Jan 2024 20:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        193.9.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/28dea6-2062-4b99-9921-4e2b8e3c65c5/1/sd6W1TXVlUoW9n2JIB_4BioVGrU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/28dea6-2062-4b99-9921-4e2b8e3c65c5/1/sd6W1TXVlUoW9n2JIB_4BioVGrU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sd6W1TXVlUoW9n2JIB_4BioVGrU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 22:02:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:5d:bc:26:2e:9d:30:c4:fb:de:c4:54:d1:06:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1de96d535d5954a16f67d89201ff8062a151ab5
        Validity
            Not Before: Jan  1 20:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e57444a499beceede2a3e7dfa83c1a242e550813
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:f1:37:f2:49:60:64:93:74:45:20:7b:21:ce:
                    5c:64:4d:12:fe:ee:0b:68:22:79:95:fe:16:19:8b:
                    b3:11:54:d7:7b:f7:95:d7:61:a1:04:80:43:ef:47:
                    c1:0c:83:33:c0:6d:60:91:a5:f6:da:8d:bf:c2:13:
                    1d:88:fd:12:66:81:e9:6a:bc:50:ac:c3:2e:7e:50:
                    14:bd:7f:90:46:94:e4:b7:6b:cf:c3:1f:38:08:98:
                    db:a6:79:e0:66:9f:94:a2:05:1e:d8:d7:24:f2:75:
                    9c:c2:e9:96:5d:38:a5:e7:de:3c:a6:45:94:7c:d8:
                    96:b2:dc:20:53:97:8e:42:8a:22:06:dc:d9:07:fc:
                    c8:42:08:7e:08:71:35:9a:d1:0b:ac:e0:41:3c:0c:
                    0e:a5:6f:dc:57:d0:c5:14:ed:29:6b:90:ac:1f:f3:
                    aa:d0:7e:9b:c8:ca:ba:99:3d:3a:65:e8:d2:b2:ca:
                    0d:aa:05:98:4e:66:d0:d9:50:1f:51:58:d6:5c:1d:
                    03:43:8d:db:bd:cb:56:0d:df:06:3a:6b:89:96:2f:
                    33:47:72:84:da:9e:9a:71:2c:19:6d:7c:2e:6c:af:
                    f0:54:9a:3b:93:0b:6e:ca:6d:90:3b:ec:16:44:07:
                    cd:a5:43:49:57:46:2c:ba:3f:e7:25:56:2b:84:c6:
                    5f:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:74:44:A4:99:BE:CE:ED:E2:A3:E7:DF:A8:3C:1A:24:2E:55:08:13
            X509v3 Authority Key Identifier:
                keyid:B1:DE:96:D5:35:D5:95:4A:16:F6:7D:89:20:1F:F8:06:2A:15:1A:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sd6W1TXVlUoW9n2JIB_4BioVGrU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/28dea6-2062-4b99-9921-4e2b8e3c65c5/1/5XREpJm-zu3io-ffqDwaJC5VCBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/28dea6-2062-4b99-9921-4e2b8e3c65c5/1/sd6W1TXVlUoW9n2JIB_4BioVGrU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.9.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:03:aa:e6:6b:50:21:10:20:bb:8c:d4:7e:92:9e:97:fe:b7:
         8a:50:9b:92:1b:d2:a0:30:bc:03:c4:43:ca:15:17:c9:65:88:
         94:6c:28:41:ea:c6:1b:75:c5:8f:8a:97:91:ba:8e:74:b6:82:
         3b:79:72:19:50:24:8e:cf:6e:1d:ea:d5:75:e4:f4:9e:b1:5a:
         09:43:62:fc:41:63:75:70:7c:04:eb:cb:a2:6d:ee:01:3a:c3:
         2a:8e:d5:90:4c:dd:00:c8:dc:41:9f:ce:78:43:90:78:aa:07:
         2f:b1:8b:5f:e5:1c:9b:e9:19:9e:5d:5d:be:f3:6d:0a:95:44:
         39:d8:77:fd:a3:e1:d5:35:e6:ba:44:dd:b0:e4:84:70:67:24:
         e2:d4:18:c1:59:1c:c0:6f:55:d9:5b:1c:bf:d1:74:ba:e0:3e:
         88:90:4c:4e:ba:3b:46:e3:83:d8:5a:28:af:4c:49:d9:8b:b3:
         da:3b:76:13:88:cb:ff:8d:0d:86:e3:a2:7e:67:47:77:36:1d:
         df:24:1b:4b:a3:63:b4:39:29:1a:26:15:42:63:3b:5b:c0:f8:
         5b:9a:56:3f:fd:2f:7c:a8:0c:fb:70:28:cc:03:c6:07:31:95:
         9e:42:76:cd:f4:1d:ed:6f:ba:39:ca:db:fb:87:c1:a7:6d:af:
         82:ba:05:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuF28Ji6dMMT73sRU0QZuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxZGU5NmQ1MzVkNTk1NGExNmY2N2Q4OTIwMWZmODA2MmEx
NTFhYjUwHhcNMjQwMTAxMjAzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTc0NDRhNDk5YmVjZWVkZTJhM2U3ZGZhODNjMWEyNDJlNTUwODEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAifE38klgZJN0RSB7Ic5cZE0S/u4L
aCJ5lf4WGYuzEVTXe/eV12GhBIBD70fBDIMzwG1gkaX22o2/whMdiP0SZoHparxQ
rMMuflAUvX+QRpTkt2vPwx84CJjbpnngZp+UogUe2Nck8nWcwumWXTil5948pkWU
fNiWstwgU5eOQooiBtzZB/zIQgh+CHE1mtELrOBBPAwOpW/cV9DFFO0pa5CsH/Oq
0H6byMq6mT06ZejSssoNqgWYTmbQ2VAfUVjWXB0DQ43bvctWDd8GOmuJli8zR3KE
2p6acSwZbXwubK/wVJo7kwtuym2QO+wWRAfNpUNJV0Ysuj/nJVYrhMZftwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOV0RKSZvs7t4qPn36g8GiQuVQgTMB8GA1UdIwQY
MBaAFLHeltU11ZVKFvZ9iSAf+AYqFRq1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2Q2VzFUWFZsVW9XOW4ySklCXzRCaW9WR3JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8yOGRlYTYtMjA2Mi00Yjk5LTk5MjEt
NGUyYjhlM2M2NWM1LzEvNVhSRXBKbS16dTNpby1mZnFEd2FKQzVWQ0JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8yOGRlYTYtMjA2Mi00Yjk5LTk5MjEtNGUyYjhlM2M2NWM1
LzEvc2Q2VzFUWFZsVW9XOW4ySklCXzRCaW9WR3JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQkxMA0G
CSqGSIb3DQEBCwUAA4IBAQAQA6rma1AhECC7jNR+kp6X/reKUJuSG9KgMLwDxEPK
FRfJZYiUbChB6sYbdcWPipeRuo50toI7eXIZUCSOz24d6tV15PSesVoJQ2L8QWN1
cHwE68uibe4BOsMqjtWQTN0AyNxBn854Q5B4qgcvsYtf5Ryb6RmeXV2+820KlUQ5
2Hf9o+HVNea6RN2w5IRwZyTi1BjBWRzAb1XZWxy/0XS64D6IkExOujtG44PYWiiv
TEnZi7PaO3YTiMv/jQ2G46J+Z0d3Nh3fJBtLo2O0OSkaJhVCYztbwPhbmlY//S98
qAz7cCjMA8YHMZWeQnbN9B3tb7o5ytv7h8Gnba+CugVH
-----END CERTIFICATE-----